Total
3412 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33958 | 1 Notaryproject | 1 Notation-go | 2024-11-21 | 5.4 Medium |
| notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | ||||
| CVE-2023-33957 | 1 Notaryproject | 1 Notation-go | 2024-11-21 | 2.6 Low |
| notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | ||||
| CVE-2023-32787 | 2 Opcfoundation, Prosysopc | 4 Ua Java Legacy, Ua Historian, Ua Modbus Server and 1 more | 2024-11-21 | 7.5 High |
| The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. | ||||
| CVE-2023-32341 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. | ||||
| CVE-2023-31889 | 1 Asus | 1 Asus Firmware | 2024-11-21 | 5.5 Medium |
| An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request. | ||||
| CVE-2023-31655 | 1 Redis | 1 Redis | 2024-11-21 | 7.5 High |
| redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2023-31006 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-11-21 | 6.5 Medium |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776. | ||||
| CVE-2023-30999 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-11-21 | 7.5 High |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651. | ||||
| CVE-2023-2798 | 2 Htmlunit, Redhat | 3 Htmlunit, Migration Toolkit Applications, Migration Toolkit Runtimes | 2024-11-21 | 7.5 High |
| Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0. | ||||
| CVE-2023-2263 | 1 Rockwellautomation | 2 Kinetix 5700, Kinetix 5700 Firmware | 2024-11-21 | 7.5 High |
| The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack. | ||||
| CVE-2023-29449 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 5.9 Medium |
| JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access. | ||||
| CVE-2023-29046 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 Medium |
| Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known. | ||||
| CVE-2023-28938 | 1 Mdadm Project | 1 Mdadm | 2024-11-21 | 3.4 Low |
| Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. | ||||
| CVE-2023-27314 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 7.5 High |
| ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service. | ||||
| CVE-2023-26434 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | 4.3 Medium |
| When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known. | ||||
| CVE-2023-26433 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | 4.3 Medium |
| When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known. | ||||
| CVE-2023-26157 | 1 Gnu | 1 Libredwg | 2024-11-21 | 5.5 Medium |
| Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. | ||||
| CVE-2023-26151 | 1 Freeopcua | 1 Opcua-asyncio | 2024-11-21 | 5.3 Medium |
| Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. | ||||
| CVE-2023-26144 | 2 Graphql, Redhat | 3 Graphql, Advanced Cluster Security, Migration Toolkit Virtualization | 2024-11-21 | 5.3 Medium |
| Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process. | ||||
| CVE-2023-26141 | 2 Contribsys, Redhat | 2 Sidekiq, Satellite | 2024-11-21 | 7.5 High |
| Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. | ||||